I assume you mean WPA/PEAP not LEAP, because LEAP is a Cisco proprietary modification to WEP and does not support WPA/WPA2.
If you are using a Cisco ACS or Microsoft IAS server as your RADIUS server, then WPA1/PEAP roam times will be 1 to 2 seconds, depending on load on the RADIUS server, because of a complete re-auth. As if you were authenticating all over again to the Microsoft AD.
There are two solutions to this problem:
1. Using Cisco autonomous (standalone) APs (as it appears you have configured) and configure the APs to be members of a WDS. Also, your clients must support CCKM in one form or another.
Depending on your client wireless NIC and driver capabilities, you may be able to use WPA1 with CCKM or may be forced to use EAP-FAST and/or a Cisco wireless NIC. The Intel 2200BG, 2915ABG, and 3945ABG NICs have good support for Cisco radios and CCX standards. Most others do not.
You will NOT be able to use the MS zero-config client, you MUST use the driver supplied by the NIC vendor.
2. Upgrade your autonomous APs to the centralized model using a Cisco Airespace controller.
The Cisco WLCs have always supported WPA2/PEAP-MSCHAPv2 with fast roaming (configured on your client, controller, and RADIUS server) and recently have supported CCKM as above.
The important note is the fast roaming (under 100 ms) is ONLY supported with
1. Cisco's proprietary CCKM (with WPA1/WPA2 and PEAP-MSCHAPv2 or EAP-FAST), depending on client NIC and wireless driver. This NOT supported by the MS zero-config client.
2. WPA2/MSCHAPv2 with 'fast reconnect' enabled on the client, controller and RADIUS server. This is supported with the MS zero-config client with nearly any wireless NIC and wireless driver but requires XP SP2 with several hotfixes (NOT SECURITY PATCHES).
In short, there is nothing you can do with an autonomous AP and WPA1 with the MS zero-config client for fast roaming. Depending on the load on the AP, RADIUS server and MS AD DC(s), you may experience roam times measured in tens of seconds to a minute...
